Security News > 2023 > April > Microsoft Defender update causes Windows Hardware Stack Protection mess
In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature.
A recent Microsoft Defender update has made this feature even more confusing, as after it is installed, the LSA Protection feature is removed and replaced by a new feature called Kernel-mode Hardware-enforced Stack Protection.
"For code running in kernel mode, the CPU confirms requested return addresses with a second copy of the address stored in the shadow stack to prevent attackers from substituting an address that runs malicious code instead," explains the Windows Kernel-mode Hardware-enforced Stack Protection setting.
It's not even clear if LSA protection is bundled into the Kernel-mode Hardware-enforced Stack Protection or has been removed from the Windows Setting interface entirely, requiring users to enable it manually via the Registry.
There has been no notice from Microsoft about the swapping of these security features or about Kernel-mode Hardware-enforced Stack Protection being added other than the brief description found in Windows Security and the scattered documentation [1, 2, 3] on the Stack Protection feature.
BleepingComputer asked Microsoft about the new Stack Protection feature if LSA Protection is now bundled within it, and the conflicts people are having.
News URL
Related news
- Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs (source)
- Microsoft is killing off the Android apps in Windows 11 feature (source)
- Microsoft says Windows 10 21H2 support is ending in June (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft again bothers Chrome users with Bing popup ads in Windows (source)
- Microsoft announces deprecation of 1024-bit RSA keys in Windows (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors (source)